]>
Commit | Line | Data |
---|---|---|
e292e93d GB |
1 | |
2 | #include "dnsmasq.h" | |
d322de06 | 3 | #include "dnssec-crypto.h" |
e292e93d GB |
4 | #include <assert.h> |
5 | ||
6299ffbe GB |
6 | /* Maximum length in octects of a domain name, in wire format */ |
7 | #define MAXCDNAME 256 | |
8 | ||
e292e93d GB |
9 | #define SERIAL_UNDEF -100 |
10 | #define SERIAL_EQ 0 | |
11 | #define SERIAL_LT -1 | |
12 | #define SERIAL_GT 1 | |
13 | ||
e292e93d GB |
14 | /* Implement RFC1982 wrapped compare for 32-bit numbers */ |
15 | static int serial_compare_32(unsigned long s1, unsigned long s2) | |
16 | { | |
17 | if (s1 == s2) | |
18 | return SERIAL_EQ; | |
19 | ||
20 | if ((s1 < s2 && (s2 - s1) < (1UL<<31)) || | |
21 | (s1 > s2 && (s1 - s2) > (1UL<<31))) | |
22 | return SERIAL_LT; | |
23 | if ((s1 < s2 && (s2 - s1) > (1UL<<31)) || | |
24 | (s1 > s2 && (s1 - s2) < (1UL<<31))) | |
25 | return SERIAL_GT; | |
26 | return SERIAL_UNDEF; | |
27 | } | |
28 | ||
29 | /* Extract a DNS name from wire format, without handling compression. This is | |
30 | faster than extract_name() and does not require access to the full dns | |
31 | packet. */ | |
32 | static int extract_name_no_compression(unsigned char *rr, int maxlen, char *buf) | |
33 | { | |
34 | unsigned char *start=rr, *end = rr+maxlen; | |
35 | int count; | |
36 | ||
37 | while (rr < end && *rr != 0) | |
38 | { | |
39 | count = *rr++; | |
6445c8ed | 40 | while (count-- > 0 && rr < end) |
e292e93d GB |
41 | { |
42 | *buf = *rr++; | |
b98f7715 GB |
43 | if (!isascii(*buf) || iscntrl(*buf) || *buf == '.') |
44 | return 0; | |
e292e93d GB |
45 | if (*buf >= 'A' && *buf <= 'Z') |
46 | *buf += 'a' - 'A'; | |
47 | buf++; | |
79333a24 | 48 | } |
e292e93d GB |
49 | *buf++ = '.'; |
50 | } | |
dd090561 | 51 | /* Remove trailing dot (if any) */ |
2ef843dd GB |
52 | if (rr != start) |
53 | *(--buf) = 0; | |
e292e93d GB |
54 | if (rr == end) |
55 | return 0; | |
dd090561 | 56 | /* Trailing \0 in source data must be consumed */ |
79333a24 | 57 | return rr-start+1; |
e292e93d GB |
58 | } |
59 | ||
6299ffbe GB |
60 | /* process_domain_name() - do operations with domain names in canonicalized wire format. |
61 | * | |
62 | * Handling domain names in wire format can be done with buffers as large as MAXCDNAME (256), | |
63 | * while the representation format (as created by, eg., extract_name) requires MAXDNAME (1024). | |
64 | * | |
65 | * With "canonicalized wire format", we mean the standard DNS wire format, eg: | |
66 | * | |
67 | * <3>www<7>example<3>org<0> | |
68 | * | |
69 | * with all ÅSCII letters converted to lowercase, and no wire-level compression. | |
70 | * | |
71 | * The function works with two different buffers: | |
72 | * - Input buffer: 'rdata' is a pointer to the actual wire data, and 'rdlen' is | |
73 | * the total length till the end of the rdata or DNS packet section. Both | |
74 | * variables are updated after processing the domain name, so that rdata points | |
75 | * after it, and rdlen is decreased by the amount of the processed octects. | |
76 | * - Output buffer: 'out' points to it. In some cases, this buffer can be prefilled | |
77 | * and used as additional input (see below). | |
78 | * | |
79 | * The argument "action" decides what to do with the submitted domain name: | |
80 | * | |
81 | * PDN_EXTRACT: | |
82 | * Extract the domain name from input buffer into the output buffer, possibly uncompressing it. | |
83 | * Return the length of the domain name in the output buffer in octects, or zero if error. | |
84 | * | |
85 | * PDN_COMPARE: | |
86 | * Compare the domain name in the input buffer and the one in the output buffer (ignoring | |
87 | * differences in compression). Returns 0 in case of error, a positive number | |
88 | * if they are equal, or a negative number if they are different. This function always | |
89 | * consumes the whole name in the input buffer (there is no early exit). | |
90 | * | |
91 | * PDN_ORDER: | |
92 | * Order between the domain name in the input buffer and the domain name in the output buffer. | |
93 | * Returns 0 if the names are equal, 1 if input > output, or -1 if input < output. This | |
94 | * function early-exits when it finds a difference, so rdata might not be fully updated. | |
95 | * | |
96 | * Notice: because of compression, rdata/rdlen might be updated with a different quantity than | |
97 | * the returned number of octects. For instance, if we extract a compressed domain name, rdata/rdlen | |
98 | * might be updated only by 2 bytes (that is, rdata is incresed by 2, and rdlen decreased by 2), | |
99 | * because it then reuses existing data elsewhere in the DNS packet, while the return value might be | |
100 | * larger, reflecting the total number of octects composing the domain name. | |
101 | * | |
102 | */ | |
ec2962ea GB |
103 | #define PWN_EXTRACT 0 |
104 | #define PWN_COMPARE 1 | |
105 | #define PWN_ORDER 2 | |
6299ffbe GB |
106 | static int process_domain_name(struct dns_header *header, size_t pktlen, |
107 | unsigned char** rdata, size_t* rdlen, | |
108 | unsigned char *out, int action) | |
109 | { | |
110 | int hops = 0, total = 0, i; | |
111 | unsigned char label_type; | |
112 | unsigned char *end = (unsigned char *)header + pktlen; | |
113 | unsigned char count; unsigned char *p = *rdata; | |
114 | int nonequal = 0; | |
115 | ||
116 | #define PROCESS(ch) \ | |
117 | do { \ | |
118 | if (action == PWN_EXTRACT) \ | |
119 | *out++ = ch; \ | |
120 | else if (action == PWN_COMPARE) \ | |
121 | { \ | |
122 | if (*out++ != ch) \ | |
123 | nonequal = 1; \ | |
124 | } \ | |
125 | else if (action == PWN_ORDER) \ | |
126 | { \ | |
127 | char _ch = *out++; \ | |
128 | if (ch < _ch) \ | |
129 | return -1; \ | |
130 | else if (_ch > ch) \ | |
131 | return 1; \ | |
132 | } \ | |
133 | } while (0) | |
134 | ||
135 | while (1) | |
136 | { | |
137 | if (p >= end) | |
138 | return 0; | |
139 | if (!(count = *p++)) | |
140 | break; | |
141 | label_type = count & 0xC0; | |
142 | if (label_type == 0xC0) | |
143 | { | |
0db0e0c2 | 144 | int l2; |
6299ffbe GB |
145 | if (p >= end) |
146 | return 0; | |
0db0e0c2 | 147 | l2 = *p++; |
6299ffbe GB |
148 | if (hops == 0) |
149 | { | |
150 | if (p - *rdata > *rdlen) | |
151 | return 0; | |
152 | *rdlen -= p - *rdata; | |
153 | *rdata = p; | |
154 | } | |
155 | if (++hops == 256) | |
156 | return 0; | |
0db0e0c2 | 157 | p = (unsigned char*)header + (count & 0x3F) * 256 + l2; |
6299ffbe GB |
158 | } |
159 | else if (label_type == 0x00) | |
160 | { | |
161 | if (p+count-1 >= end) | |
162 | return 0; | |
163 | total += count+1; | |
164 | if (total >= MAXCDNAME) | |
165 | return 0; | |
166 | PROCESS(count); | |
167 | for (i = 0; i < count; ++i) | |
168 | { | |
169 | unsigned char ch = *p++; | |
170 | if (ch >= 'A' && ch <= 'Z') | |
171 | ch += 'a' - 'A'; | |
172 | PROCESS(ch); | |
173 | } | |
174 | } | |
175 | else | |
176 | return 0; /* unsupported label_type */ | |
177 | } | |
178 | ||
179 | if (hops == 0) | |
180 | { | |
181 | if (p - *rdata > *rdlen) | |
182 | return 0; | |
183 | *rdlen -= p - *rdata; | |
184 | *rdata = p; | |
185 | } | |
186 | ++total; | |
187 | if (total >= MAXCDNAME) | |
188 | return 0; | |
189 | PROCESS(0); | |
190 | ||
191 | /* If we arrived here without early-exit, they're equal */ | |
192 | if (action == PWN_ORDER) | |
193 | return 0; | |
194 | return nonequal ? -total : total; | |
195 | ||
196 | #undef PROCESS | |
197 | } | |
198 | ||
199 | ||
200 | /* RDATA meta-description. | |
201 | * | |
202 | * RFC4034 §6.2 introduces the concept of a "canonical form of a RR". This canonical | |
203 | * form is used in two important points within the DNSSEC protocol/algorithm: | |
204 | * | |
205 | * 1) When computing the hash for verifying the RRSIG signature, we need to do it on | |
206 | * the canonical form. | |
207 | * 2) When ordering a RRset in canonical order (§6.3), we need to lexicographically sort | |
208 | * the RRs in canonical form. | |
209 | * | |
210 | * The canonical form of a RR is specifically tricky because it also affects the RDATA, | |
211 | * which is different for each RR type; in fact, RFC4034 says that "domain names in | |
212 | * RDATA must be canonicalized" (= uncompressed and lower-cased). | |
213 | * | |
214 | * To handle this correctly, we then need a way to describe how the RDATA section is | |
215 | * composed for each RR type; we don't need to describe every field, but just to specify | |
216 | * where domain names are. The following array contains this description, and it is | |
217 | * used by rrset_canonical_order() and verifyalg_add_rdata(), to adjust their behaviour | |
218 | * for each RR type. | |
219 | * | |
220 | * The format of the description is very easy, for instance: | |
221 | * | |
222 | * { 12, RDESC_DOMAIN, RDESC_DOMAIN, 4, RDESC_DOMAIN, RDESC_END } | |
223 | * | |
224 | * This means that this (ficticious) RR type has a RDATA section containing 12 octects | |
225 | * (we don't care what they contain), followed by 2 domain names, followed by 4 octects, | |
226 | * followed by 1 domain name, and then followed by an unspecificied number of octects (0 | |
227 | * or more). | |
228 | */ | |
229 | ||
230 | #define RDESC_DOMAIN -1 | |
231 | #define RDESC_END 0 | |
232 | static const int rdata_description[][8] = | |
233 | { | |
234 | /**/ { RDESC_END }, | |
235 | /* 1: A */ { RDESC_END }, | |
236 | /* 2: NS */ { RDESC_DOMAIN, RDESC_END }, | |
237 | /* 3: .. */ { RDESC_END }, | |
238 | /* 4: .. */ { RDESC_END }, | |
239 | /* 5: CNAME */ { RDESC_DOMAIN, RDESC_END }, | |
785ee80b | 240 | /* 6: SOA */ { RDESC_DOMAIN, RDESC_DOMAIN, RDESC_END }, |
0937692d GB |
241 | /* 7: */ { RDESC_END }, |
242 | /* 8: */ { RDESC_END }, | |
243 | /* 9: */ { RDESC_END }, | |
244 | /* 10: */ { RDESC_END }, | |
245 | /* 11: */ { RDESC_END }, | |
246 | /* 12: */ { RDESC_END }, | |
247 | /* 13: */ { RDESC_END }, | |
248 | /* 14: */ { RDESC_END }, | |
249 | /* 15: MX */ { 2, RDESC_DOMAIN, RDESC_END }, | |
6299ffbe GB |
250 | }; |
251 | ||
252 | ||
4885d57c GB |
253 | /* On-the-fly rdata canonicalization |
254 | * | |
255 | * This set of functions allow the user to iterate over the rdata section of a RR | |
256 | * while canonicalizing it on-the-fly. This is a great memory saving since the user | |
257 | * doesn't need to allocate memory for a copy of the whole rdata section. | |
258 | * | |
259 | * Sample usage: | |
260 | * | |
261 | * RDataCFrom cf; | |
262 | * rdata_cfrom_init( | |
263 | * &cf, | |
264 | * header, pktlen, // dns_header | |
265 | * rdata, // pointer to rdata section | |
266 | * rrtype, // RR tyep | |
267 | * tmpbuf); // temporary buf (MAXCDNAME) | |
268 | * | |
269 | * while ((p = rdata_cfrom_next(&cf, &len)) | |
270 | * { | |
271 | * // Process p[0..len] | |
272 | * } | |
273 | * | |
274 | * if (rdata_cfrom_error(&cf)) | |
275 | * // error occurred while parsing | |
276 | * | |
277 | */ | |
278 | typedef struct | |
279 | { | |
280 | struct dns_header *header; | |
281 | size_t pktlen; | |
282 | unsigned char *rdata; | |
283 | unsigned char *tmpbuf; | |
284 | size_t rdlen; | |
285 | int rrtype; | |
286 | int cnt; | |
287 | } RDataCForm; | |
288 | ||
289 | static void rdata_cform_init(RDataCForm *ctx, struct dns_header *header, size_t pktlen, | |
290 | unsigned char *rdata, int rrtype, unsigned char *tmpbuf) | |
291 | { | |
292 | if (rrtype >= countof(rdata_description)) | |
293 | rrtype = 0; | |
294 | ctx->header = header; | |
295 | ctx->pktlen = pktlen; | |
296 | ctx->rdata = rdata; | |
297 | ctx->rrtype = rrtype; | |
298 | ctx->tmpbuf = tmpbuf; | |
299 | ctx->cnt = -1; | |
300 | GETSHORT(ctx->rdlen, ctx->rdata); | |
301 | } | |
302 | ||
303 | static int rdata_cform_error(RDataCForm *ctx) | |
304 | { | |
305 | return ctx->cnt == -2; | |
306 | } | |
307 | ||
308 | static unsigned char *rdata_cform_next(RDataCForm *ctx, size_t *len) | |
309 | { | |
310 | if (ctx->cnt != -1 && rdata_description[ctx->rrtype][ctx->cnt] == RDESC_END) | |
311 | return NULL; | |
312 | ||
313 | int d = rdata_description[ctx->rrtype][++ctx->cnt]; | |
314 | if (d == RDESC_DOMAIN) | |
315 | { | |
316 | *len = process_domain_name(ctx->header, ctx->pktlen, &ctx->rdata, &ctx->rdlen, ctx->tmpbuf, PWN_EXTRACT); | |
317 | if (!*len) | |
318 | { | |
319 | ctx->cnt = -2; | |
320 | return NULL; | |
321 | } | |
322 | return ctx->tmpbuf; | |
323 | } | |
324 | else if (d == RDESC_END) | |
325 | { | |
326 | *len = ctx->rdlen; | |
327 | return ctx->rdata; | |
328 | } | |
329 | else | |
330 | { | |
331 | unsigned char *ret = ctx->rdata; | |
332 | ctx->rdlen -= d; | |
333 | ctx->rdata += d; | |
334 | *len = d; | |
335 | return ret; | |
336 | } | |
337 | } | |
338 | ||
339 | ||
e292e93d GB |
340 | /* Check whether today/now is between date_start and date_end */ |
341 | static int check_date_range(unsigned long date_start, unsigned long date_end) | |
342 | { | |
343 | /* TODO: double-check that time(0) is the correct time we are looking for */ | |
344 | /* TODO: dnssec requires correct timing; implement SNTP in dnsmasq? */ | |
345 | unsigned long curtime = time(0); | |
346 | ||
347 | /* We must explicitly check against wanted values, because of SERIAL_UNDEF */ | |
41de7442 GB |
348 | return serial_compare_32(curtime, date_start) == SERIAL_GT |
349 | && serial_compare_32(curtime, date_end) == SERIAL_LT; | |
e292e93d GB |
350 | } |
351 | ||
0ca895f5 | 352 | |
e292e93d GB |
353 | /* Sort RRs within a RRset in canonical order, according to RFC4034, §6.3 |
354 | Notice that the RRDATA sections have been already normalized, so a memcpy | |
355 | is sufficient. | |
356 | NOTE: r1/r2 point immediately after the owner name. */ | |
0ca895f5 GB |
357 | |
358 | struct { | |
359 | struct dns_header *header; | |
360 | size_t pktlen; | |
361 | } rrset_canonical_order_ctx; | |
362 | ||
e292e93d GB |
363 | static int rrset_canonical_order(const void *r1, const void *r2) |
364 | { | |
0ca895f5 | 365 | size_t r1len, r2len; |
da23c4f9 | 366 | int rrtype; |
0ca895f5 GB |
367 | unsigned char *pr1=*(unsigned char**)r1, *pr2=*(unsigned char**)r2; |
368 | unsigned char tmp1[MAXCDNAME], tmp2[MAXCDNAME]; /* TODO: use part of daemon->namebuff */ | |
e292e93d | 369 | |
0ca895f5 GB |
370 | GETSHORT(rrtype, pr1); |
371 | pr1 += 6; pr2 += 8; | |
da23c4f9 GB |
372 | |
373 | RDataCForm cf1, cf2; | |
374 | rdata_cform_init(&cf1, rrset_canonical_order_ctx.header, rrset_canonical_order_ctx.pktlen, | |
375 | pr1, rrtype, tmp1); | |
376 | rdata_cform_init(&cf2, rrset_canonical_order_ctx.header, rrset_canonical_order_ctx.pktlen, | |
377 | pr2, rrtype, tmp2); | |
378 | while ((pr1 = rdata_cform_next(&cf1, &r1len)) && | |
379 | (pr2 = rdata_cform_next(&cf2, &r2len))) | |
380 | { | |
381 | int res = memcmp(pr1, pr2, MIN(r1len,r2len)); | |
382 | if (res != 0) | |
383 | return res; | |
384 | if (r1len < r2len) | |
385 | return -1; | |
386 | if (r2len > r1len) | |
387 | return 1; | |
388 | } | |
389 | ||
390 | /* If we reached this point, the two RRs are identical (or an error occurred). | |
0ca895f5 GB |
391 | RFC2181 says that an RRset is not allowed to contain duplicate |
392 | records. If it happens, it is a protocol error and anything goes. */ | |
393 | return 1; | |
e292e93d GB |
394 | } |
395 | ||
adca3e9c GB |
396 | typedef struct PendingRRSIGValidation |
397 | { | |
398 | VerifyAlgCtx *alg; | |
399 | char *signer_name; | |
400 | int keytag; | |
401 | } PendingRRSIGValidation; | |
402 | ||
7f0485cf GB |
403 | /* strchrnul - like strchr, but when character is not found, returns a pointer to the terminating \0. |
404 | ||
405 | This is an existing C GNU extension, but it's easier to reimplement it, | |
406 | rather than tweaking with configure. */ | |
4f9aefc7 | 407 | static char *my_strchrnul(char *str, char ch) |
7f0485cf GB |
408 | { |
409 | while (*str && *str != ch) | |
410 | str++; | |
411 | return str; | |
412 | } | |
413 | ||
32b826e2 GB |
414 | /* Convert a domain name to wire format */ |
415 | static int convert_domain_to_wire(char *name, unsigned char* out) | |
13e435eb | 416 | { |
32b826e2 GB |
417 | unsigned char len; |
418 | unsigned char *start = out; | |
419 | char *p; | |
13e435eb | 420 | |
7f0485cf | 421 | do |
13e435eb | 422 | { |
4f9aefc7 | 423 | p = my_strchrnul(name, '.'); |
7f0485cf GB |
424 | if ((len = p-name)) |
425 | { | |
32b826e2 | 426 | *out++ = len; |
b58fb39f GB |
427 | while (len--) |
428 | { | |
429 | char ch = *name++; | |
430 | /* TODO: this will not be required anymore once we | |
431 | remove all usages of extract_name() from DNSSEC code */ | |
432 | if (ch >= 'A' && ch <= 'Z') | |
433 | ch = ch - 'A' + 'a'; | |
434 | *out++ = ch; | |
435 | } | |
7f0485cf | 436 | } |
13e435eb GB |
437 | name = p+1; |
438 | } | |
7f0485cf GB |
439 | while (*p); |
440 | ||
32b826e2 GB |
441 | *out++ = '\0'; |
442 | return out-start; | |
13e435eb GB |
443 | } |
444 | ||
0ca895f5 | 445 | |
ed1fc985 | 446 | /* Pass a resource record's rdata field through the currently-initailized digest algorithm. |
0852d76b GB |
447 | |
448 | We must pass the record in DNS wire format, but if the record contains domain names, | |
449 | they must be uncompressed. This makes things very tricky, because */ | |
ed1fc985 | 450 | static int digestalg_add_rdata(int sigtype, struct dns_header *header, size_t pktlen, |
0852d76b GB |
451 | unsigned char *rdata) |
452 | { | |
f119ed38 | 453 | size_t len; |
0852d76b | 454 | unsigned char *p; |
f119ed38 GB |
455 | unsigned short total; |
456 | unsigned char tmpbuf[MAXDNAME]; /* TODO: reuse part of daemon->namebuff */ | |
457 | RDataCForm cf1, cf2; | |
0852d76b | 458 | |
f119ed38 GB |
459 | /* Initialize two iterations over the canonical form*/ |
460 | rdata_cform_init(&cf1, header, pktlen, rdata, sigtype, tmpbuf); | |
461 | cf2 = cf1; | |
462 | ||
463 | /* Iteration 1: go through the canonical record and count the total octects. | |
464 | This number might be different from the non-canonical rdata length | |
465 | because of domain names compression. */ | |
466 | total = 0; | |
467 | while ((p = rdata_cform_next(&cf1, &len))) | |
468 | total += len; | |
469 | if (rdata_cform_error(&cf1)) | |
470 | return 0; | |
471 | ||
472 | /* Iteration 2: process the canonical record through the hash function */ | |
473 | total = htons(total); | |
ed1fc985 | 474 | digestalg_add_data(&total, 2); |
f119ed38 GB |
475 | |
476 | while ((p = rdata_cform_next(&cf2, &len))) | |
ed1fc985 | 477 | digestalg_add_data(p, len); |
0852d76b | 478 | |
0852d76b GB |
479 | return 1; |
480 | } | |
481 | ||
482 | ||
adca3e9c GB |
483 | static int begin_rrsig_validation(struct dns_header *header, size_t pktlen, |
484 | unsigned char *reply, int count, char *owner, | |
485 | int sigclass, int sigrdlen, unsigned char *sig, | |
486 | PendingRRSIGValidation *out) | |
e292e93d GB |
487 | { |
488 | int i, res; | |
489 | int sigtype, sigalg, siglbl; | |
490 | unsigned char *sigrdata = sig; | |
491 | unsigned long sigttl, date_end, date_start; | |
492 | unsigned char* p = reply; | |
493 | char* signer_name = daemon->namebuff; | |
13e435eb | 494 | int signer_name_rdlen; |
e292e93d GB |
495 | int keytag; |
496 | void *rrset[16]; /* TODO: max RRset size? */ | |
497 | int rrsetidx = 0; | |
498 | ||
499 | if (sigrdlen < 18) | |
500 | return 0; | |
501 | GETSHORT(sigtype, sig); | |
502 | sigalg = *sig++; | |
503 | siglbl = *sig++; | |
504 | GETLONG(sigttl, sig); | |
505 | GETLONG(date_end, sig); | |
506 | GETLONG(date_start, sig); | |
507 | GETSHORT(keytag, sig); | |
508 | sigrdlen -= 18; | |
509 | ||
adca3e9c | 510 | if (!verifyalg_supported(sigalg)) |
e292e93d | 511 | { |
4b528700 | 512 | printf("ERROR: RRSIG algorithm not supported: %d\n", sigalg); |
e292e93d GB |
513 | return 0; |
514 | } | |
515 | ||
d31d057a | 516 | if (!check_date_range(date_start, date_end)) |
e292e93d | 517 | { |
4b528700 | 518 | printf("ERROR: RRSIG outside date range\n"); |
e292e93d GB |
519 | return 0; |
520 | } | |
521 | ||
522 | /* Iterate within the answer and find the RRsets matching the current RRsig */ | |
523 | for (i = 0; i < count; ++i) | |
524 | { | |
525 | int qtype, qclass, rdlen; | |
526 | if (!(res = extract_name(header, pktlen, &p, owner, 0, 10))) | |
527 | return 0; | |
528 | rrset[rrsetidx] = p; | |
529 | GETSHORT(qtype, p); | |
530 | GETSHORT(qclass, p); | |
531 | p += 4; /* skip ttl */ | |
532 | GETSHORT(rdlen, p); | |
533 | if (res == 1 && qtype == sigtype && qclass == sigclass) | |
534 | { | |
535 | ++rrsetidx; | |
382e38f4 GB |
536 | if (rrsetidx == countof(rrset)) |
537 | { | |
538 | /* Internal buffer too small */ | |
539 | printf("internal buffer too small for this RRset\n"); | |
540 | return 0; | |
541 | } | |
e292e93d GB |
542 | } |
543 | p += rdlen; | |
544 | } | |
545 | ||
546 | /* Sort RRset records in canonical order. */ | |
0ca895f5 GB |
547 | rrset_canonical_order_ctx.header = header; |
548 | rrset_canonical_order_ctx.pktlen = pktlen; | |
e292e93d GB |
549 | qsort(rrset, rrsetidx, sizeof(void*), rrset_canonical_order); |
550 | ||
50a96b62 GB |
551 | /* Skip through the signer name; we don't extract it right now because |
552 | we don't want to overwrite the single daemon->namebuff which contains | |
553 | the owner name. We'll get to this later. */ | |
554 | if (!(p = skip_name(sig, header, pktlen, 0))) | |
e292e93d | 555 | return 0; |
50a96b62 GB |
556 | signer_name_rdlen = p - sig; |
557 | sig = p; sigrdlen -= signer_name_rdlen; | |
13e435eb | 558 | |
e292e93d GB |
559 | /* Now initialize the signature verification algorithm and process the whole |
560 | RRset */ | |
adca3e9c GB |
561 | VerifyAlgCtx *alg = verifyalg_alloc(sigalg); |
562 | if (!alg) | |
563 | return 0; | |
3af1ea8c GB |
564 | alg->sig = sig; |
565 | alg->siglen = sigrdlen; | |
e292e93d | 566 | |
4b0eecbb GB |
567 | sigtype = htons(sigtype); |
568 | sigclass = htons(sigclass); | |
569 | sigttl = htonl(sigttl); | |
570 | ||
32b826e2 GB |
571 | /* TODO: we shouldn't need to convert this to wire here. Best solution would be: |
572 | - Use process_name() instead of extract_name() everywhere in dnssec code | |
573 | - Convert from wire format to representation format only for querying/storing cache | |
574 | */ | |
575 | unsigned char owner_wire[MAXCDNAME]; | |
576 | int owner_wire_len = convert_domain_to_wire(owner, owner_wire); | |
577 | ||
3af1ea8c | 578 | digestalg_begin(alg->vtbl->digest_algo); |
ed1fc985 | 579 | digestalg_add_data(sigrdata, 18+signer_name_rdlen); |
e292e93d GB |
580 | for (i = 0; i < rrsetidx; ++i) |
581 | { | |
13e435eb GB |
582 | p = (unsigned char*)(rrset[i]); |
583 | ||
ed1fc985 GB |
584 | digestalg_add_data(owner_wire, owner_wire_len); |
585 | digestalg_add_data(&sigtype, 2); | |
586 | digestalg_add_data(&sigclass, 2); | |
587 | digestalg_add_data(&sigttl, 4); | |
e292e93d | 588 | |
e292e93d | 589 | p += 8; |
ed1fc985 | 590 | if (!digestalg_add_rdata(ntohs(sigtype), header, pktlen, p)) |
0852d76b | 591 | return 0; |
e292e93d | 592 | } |
3af1ea8c GB |
593 | int digest_len = digestalg_len(); |
594 | memcpy(alg->digest, digestalg_final(), digest_len); | |
e292e93d | 595 | |
50a96b62 GB |
596 | /* We don't need the owner name anymore; now extract the signer name */ |
597 | if (!extract_name_no_compression(sigrdata+18, signer_name_rdlen, signer_name)) | |
598 | return 0; | |
599 | ||
adca3e9c GB |
600 | out->alg = alg; |
601 | out->keytag = keytag; | |
602 | out->signer_name = signer_name; | |
603 | return 1; | |
604 | } | |
605 | ||
606 | static int end_rrsig_validation(PendingRRSIGValidation *val, struct crec *crec_dnskey) | |
607 | { | |
a7338645 | 608 | /* FIXME: keydata is non-contiguous */ |
708bcd2d | 609 | return val->alg->vtbl->verify(val->alg, crec_dnskey->addr.key.keydata, crec_dnskey->uid); |
adca3e9c GB |
610 | } |
611 | ||
612 | static void dnssec_parserrsig(struct dns_header *header, size_t pktlen, | |
613 | unsigned char *reply, int count, char *owner, | |
614 | int sigclass, int sigrdlen, unsigned char *sig) | |
615 | { | |
616 | PendingRRSIGValidation val; | |
617 | ||
618 | /* Initiate the RRSIG validation process. The pending state is returned into val. */ | |
619 | if (!begin_rrsig_validation(header, pktlen, reply, count, owner, sigclass, sigrdlen, sig, &val)) | |
620 | return; | |
621 | ||
622 | printf("RRSIG: querying cache for DNSKEY %s (keytag: %d)\n", val.signer_name, val.keytag); | |
20bccd49 GB |
623 | |
624 | /* Look in the cache for *all* the DNSKEYs with matching signer_name and keytag */ | |
adca3e9c GB |
625 | char onekey = 0; |
626 | struct crec *crecp = NULL; | |
a55ce08c | 627 | while ((crecp = cache_find_by_name(crecp, val.signer_name, time(0), F_DNSKEY))) /* TODO: time(0) */ |
adca3e9c GB |
628 | { |
629 | onekey = 1; | |
630 | ||
20bccd49 GB |
631 | if (crecp->addr.key.keytag == val.keytag |
632 | && crecp->addr.key.algo == verifyalg_algonum(val.alg)) | |
633 | { | |
634 | printf("RRSIG: found DNSKEY %d in cache, attempting validation\n", val.keytag); | |
adca3e9c | 635 | |
20bccd49 GB |
636 | if (end_rrsig_validation(&val, crecp)) |
637 | printf("Validation OK\n"); | |
638 | else | |
ccd1d32c | 639 | printf("ERROR: Validation FAILED (%s, keytag:%d, algo:%d)\n", owner, val.keytag, verifyalg_algonum(val.alg)); |
20bccd49 | 640 | } |
adca3e9c GB |
641 | } |
642 | ||
643 | if (!onekey) | |
644 | { | |
ccca70cb | 645 | printf("DNSKEY not found, need to fetch it\n"); |
adca3e9c GB |
646 | /* TODO: store PendingRRSIGValidation in routing table, |
647 | fetch key (and make it go through dnssec_parskey), then complete validation. */ | |
648 | } | |
e292e93d GB |
649 | } |
650 | ||
3471f181 | 651 | /* Compute keytag (checksum to quickly index a key). See RFC4034 */ |
75ffc9bf | 652 | static int dnskey_keytag(int alg, unsigned char *rdata, int rdlen) |
3471f181 | 653 | { |
75ffc9bf GB |
654 | if (alg == 1) |
655 | { | |
656 | /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm. | |
657 | See RFC4034, Appendix B.1 */ | |
658 | return rdata[rdlen-3] * 256 + rdata[rdlen-2]; | |
659 | } | |
660 | else | |
661 | { | |
662 | unsigned long ac; | |
663 | int i; | |
664 | ||
665 | ac = 0; | |
666 | for (i = 0; i < rdlen; ++i) | |
667 | ac += (i & 1) ? rdata[i] : rdata[i] << 8; | |
668 | ac += (ac >> 16) & 0xFFFF; | |
669 | return ac & 0xFFFF; | |
670 | } | |
3471f181 GB |
671 | } |
672 | ||
0304d28f GB |
673 | /* Check if the DS record (from cache) points to the DNSKEY record (from cache) */ |
674 | static int dnskey_ds_match(struct crec *dnskey, struct crec *ds) | |
675 | { | |
676 | if (dnskey->addr.key.keytag != ds->addr.key.keytag) | |
677 | return 0; | |
678 | if (dnskey->addr.key.algo != ds->addr.key.algo) | |
679 | return 0; | |
680 | ||
681 | unsigned char owner[MAXCDNAME]; /* TODO: user part of daemon->namebuff */ | |
682 | int owner_len = convert_domain_to_wire(cache_get_name(ds), owner); | |
683 | size_t keylen = dnskey->uid; | |
684 | int dig = ds->uid; | |
ed1fc985 | 685 | int digsize; |
0304d28f GB |
686 | |
687 | if (!digestalg_begin(dig)) | |
688 | return 0; | |
ed1fc985 | 689 | digsize = digestalg_len(); |
0304d28f GB |
690 | digestalg_add_data(owner, owner_len); |
691 | digestalg_add_data("\x01\x01\x03", 3); | |
692 | digestalg_add_data(&ds->addr.key.algo, 1); | |
693 | digestalg_add_keydata(dnskey->addr.key.keydata, keylen); | |
ed1fc985 | 694 | return (memcmp(digestalg_final(), ds->addr.key.keydata->key, digsize) == 0); |
0304d28f GB |
695 | } |
696 | ||
3471f181 GB |
697 | int dnssec_parsekey(struct dns_header *header, size_t pktlen, char *owner, unsigned long ttl, |
698 | int rdlen, unsigned char *rdata) | |
699 | { | |
700 | int flags, proto, alg; | |
701 | struct keydata *key; struct crec *crecp; | |
3471f181 GB |
702 | unsigned char *ordata = rdata; int ordlen = rdlen; |
703 | ||
704 | CHECKED_GETSHORT(flags, rdata, rdlen); | |
705 | CHECKED_GETCHAR(proto, rdata, rdlen); | |
706 | CHECKED_GETCHAR(alg, rdata, rdlen); | |
707 | ||
708 | if (proto != 3) | |
709 | return 0; | |
0d829ebc GB |
710 | /* Skip non-signing keys (as specified in RFC4034 */ |
711 | if (!(flags & 0x100)) | |
712 | return 0; | |
3471f181 | 713 | |
a55ce08c | 714 | key = keydata_alloc((char*)rdata, rdlen); |
3471f181 | 715 | |
3471f181 GB |
716 | /* TODO: time(0) is correct here? */ |
717 | crecp = cache_insert(owner, NULL, time(0), ttl, F_FORWARD | F_DNSKEY); | |
718 | if (crecp) | |
719 | { | |
720 | /* TODO: improve union not to name "uid" this field */ | |
721 | crecp->uid = rdlen; | |
722 | crecp->addr.key.keydata = key; | |
723 | crecp->addr.key.algo = alg; | |
75ffc9bf | 724 | crecp->addr.key.keytag = dnskey_keytag(alg, ordata, ordlen); |
3471f181 GB |
725 | printf("DNSKEY: storing key for %s (keytag: %d)\n", owner, crecp->addr.key.keytag); |
726 | } | |
727 | else | |
728 | { | |
729 | keydata_free(key); | |
730 | /* TODO: if insertion really might fail, verify we don't depend on cache | |
731 | insertion success for validation workflow correctness */ | |
732 | printf("DNSKEY: cache insertion failure\n"); | |
733 | return 0; | |
734 | } | |
3471f181 GB |
735 | return 1; |
736 | } | |
737 | ||
738 | int dnssec_parseds(struct dns_header *header, size_t pktlen, char *owner, unsigned long ttl, | |
739 | int rdlen, unsigned char *rdata) | |
740 | { | |
0304d28f GB |
741 | int keytag, algo, dig; |
742 | struct keydata *key; struct crec *crec_ds, *crec_key; | |
743 | ||
744 | CHECKED_GETSHORT(keytag, rdata, rdlen); | |
745 | CHECKED_GETCHAR(algo, rdata, rdlen); | |
746 | CHECKED_GETCHAR(dig, rdata, rdlen); | |
747 | ||
748 | if (!digestalg_supported(dig)) | |
749 | return 0; | |
750 | ||
751 | key = keydata_alloc((char*)rdata, rdlen); | |
752 | ||
753 | /* TODO: time(0) is correct here? */ | |
754 | crec_ds = cache_insert(owner, NULL, time(0), ttl, F_FORWARD | F_DS); | |
755 | if (!crec_ds) | |
756 | { | |
757 | keydata_free(key); | |
758 | /* TODO: if insertion really might fail, verify we don't depend on cache | |
759 | insertion success for validation workflow correctness */ | |
760 | printf("DS: cache insertion failure\n"); | |
761 | return 0; | |
762 | } | |
763 | ||
764 | /* TODO: improve union not to name "uid" this field */ | |
765 | crec_ds->uid = dig; | |
766 | crec_ds->addr.key.keydata = key; | |
767 | crec_ds->addr.key.algo = algo; | |
768 | crec_ds->addr.key.keytag = keytag; | |
769 | printf("DS: storing key for %s (digest: %d)\n", owner, dig); | |
770 | ||
771 | /* Now try to find a DNSKEY which matches this DS digest. */ | |
772 | printf("Looking for a DNSKEY matching DS %d...\n", keytag); | |
773 | crec_key = NULL; | |
774 | while ((crec_key = cache_find_by_name(crec_key, owner, time(0), F_DNSKEY))) /* TODO: time(0) */ | |
775 | { | |
776 | if (dnskey_ds_match(crec_key, crec_ds)) | |
777 | { | |
778 | /* TODO: create a link within the cache: ds => dnskey */ | |
779 | printf("MATCH FOUND for keytag %d\n", keytag); | |
ccd1d32c | 780 | return 1; |
0304d28f GB |
781 | } |
782 | } | |
783 | ||
ccd1d32c | 784 | printf("ERROR: match not found for DS %d (owner: %s)\n", keytag, owner); |
3471f181 GB |
785 | return 0; |
786 | } | |
e292e93d GB |
787 | |
788 | int dnssec_validate(struct dns_header *header, size_t pktlen) | |
789 | { | |
790 | unsigned char *p, *reply; | |
791 | char *owner = daemon->namebuff; | |
23c21766 | 792 | int i, s, qtype, qclass, rdlen; |
e292e93d | 793 | unsigned long ttl; |
23c21766 | 794 | int slen[3] = { ntohs(header->ancount), ntohs(header->nscount), ntohs(header->arcount) }; |
e292e93d | 795 | |
23c21766 | 796 | if (slen[0] + slen[1] + slen[2] == 0) |
e292e93d GB |
797 | return 0; |
798 | if (!(reply = p = skip_questions(header, pktlen))) | |
799 | return 0; | |
d0edff7d GB |
800 | |
801 | /* First, process DNSKEY/DS records and add them to the cache. */ | |
802 | cache_start_insert(); | |
23c21766 | 803 | for (i = 0; i < slen[0]; i++) |
e292e93d GB |
804 | { |
805 | if (!extract_name(header, pktlen, &p, owner, 1, 10)) | |
806 | return 0; | |
807 | GETSHORT(qtype, p); | |
808 | GETSHORT(qclass, p); | |
809 | GETLONG(ttl, p); | |
810 | GETSHORT(rdlen, p); | |
3471f181 GB |
811 | if (qtype == T_DS) |
812 | { | |
813 | printf("DS found\n"); | |
814 | dnssec_parseds(header, pktlen, owner, ttl, rdlen, p); | |
815 | } | |
816 | else if (qtype == T_DNSKEY) | |
817 | { | |
818 | printf("DNSKEY found\n"); | |
47f99dd2 | 819 | dnssec_parsekey(header, pktlen, owner, ttl, rdlen, p); |
3471f181 | 820 | } |
4137b84e GB |
821 | p += rdlen; |
822 | } | |
d0edff7d | 823 | cache_end_insert(); |
4137b84e | 824 | |
d0edff7d | 825 | /* After we have cached DNSKEY/DS records, start looking for RRSIGs. |
4137b84e GB |
826 | We want to do this in a separate step because we want the cache |
827 | to be already populated with DNSKEYs before parsing signatures. */ | |
828 | p = reply; | |
23c21766 | 829 | for (s = 0; s < 3; ++s) |
4137b84e | 830 | { |
23c21766 GB |
831 | reply = p; |
832 | for (i = 0; i < slen[s]; i++) | |
e292e93d | 833 | { |
23c21766 GB |
834 | if (!extract_name(header, pktlen, &p, owner, 1, 10)) |
835 | return 0; | |
836 | GETSHORT(qtype, p); | |
837 | GETSHORT(qclass, p); | |
838 | GETLONG(ttl, p); | |
839 | GETSHORT(rdlen, p); | |
840 | if (qtype == T_RRSIG) | |
841 | { | |
842 | printf("RRSIG found (owner: %s)\n", owner); | |
843 | /* TODO: missing logic. We should only validate RRSIGs for which we | |
844 | have a valid DNSKEY that is referenced by a DS record upstream. | |
845 | There is a memory vs CPU conflict here; should we validate everything | |
846 | to save memory and thus waste CPU, or better first acquire all information | |
847 | (wasting memory) and then doing the minimum CPU computations required? */ | |
848 | dnssec_parserrsig(header, pktlen, reply, slen[s], owner, qclass, rdlen, p); | |
849 | } | |
850 | p += rdlen; | |
4137b84e | 851 | } |
e292e93d | 852 | } |
4137b84e | 853 | |
e292e93d GB |
854 | return 1; |
855 | } |